How Can Drones Be Hacked? Let Us Count the Ways
Johns Hopkins grad students and their professor found security flaws in a popular hobby drone.
Credit: Will Kirk/Johns Hopkins University

As drone popularity has soared, hackers have found ways to take control of the new technology in midflight, scientists have found.

A computer security team at Johns Hopkins University has found multiple ways to gain control of the small flying machines. Their research has raised concerns over the security of drones, especially as sales have continued to rise.

Despite its relatively recent introduction to the public, drone sales have tripled in the last year, according to Fortune. From hobby drones flown for fun or aerial photography, to commercial drones used to monitor crops or deliver packages, the unmanned aerial vehicles have already found their place in the market, analysts say. [Commercial Drones Can Be Hijacked, New Study Finds | Video]

The Federal Aviation Administration projected $2.5 million in sales of drones in the U.S. this year, swelling to $7 million by 2020.

However, the increase in consumer demand may have pushed drone makers too quickly, leaving holes in the technology's security, according to Lanier Watkins, a senior cybersecurity research scientist who supervised the study at Johns Hopkins.

Security flaws in a popular hobby drone can cause the unmanned aerial vehicle to make an "uncontrolled landing."
Security flaws in a popular hobby drone can cause the unmanned aerial vehicle to make an "uncontrolled landing."
Credit: Will Kirk/Johns Hopkins University

"You see it with a lot of new technology," Watkins said in a statement. "Security is often an afterthought. The value of our work is in showing that the technology in these drones is highly vulnerable to hackers."

Watkins worked with five security informatics graduate students to find backdoors into the controls of a popular drones called the Parrot Bebop 1. Through their research, the team members discovered three different ways to interfere, remotely, with the airborne hobby drone's normal operation. By sending rogue commands from a laptop, they were able to land the drone or send it plummeting to the ground.

Though the researchers did send their findings to the maker of the Parrot Bebop 1, Watkins said the company has not yet responded.

Michael Hooper, one of the student researchers, explained in a Johns Hopkins video that for one of the hacks the team sent "thousands of connection requests" to the drone, overwhelming the processor and forcing the drone to land.

"We determined an attacker could take over a drone, hijack it and use it in a way it's not designed to be used," Hooper said in the video.

The second hack involved sending the drone an incredibly large amount of data to exceed the the aircraft's capacity for data, causing the drone to crash. They were also able to successfully force the drone to make an emergency landing, by repeatedly sending fake data to the drone's controller camouflaged as if it were being sent from the drone itself. Eventually, the controller accepted the data as being from the drone and forced the emergency landing.

"We found three points that were actually vulnerable, and they were vulnerable in a way that we could actually build exploits for," Watkins said in the statement. "We demonstrated here that not only could someone remotely force the drone to land, but they could also remotely crash it in their yard and just take it."

Other vulnerabilities the team found, though they did not have a successful hack using these weaknesses, included: Anyone could, in theory, upload or download files as the drone is flying; anyone could connect to the drone while it's flying, without a password, among others.

Recently, the team has begun testing their hacking methods on higher-priced drone models.

"We have released two disclosures to the company stating that there are some immediate security concerns," Watkins told Live Science.

Original article on Live Science.